Handle the default users and their initial passwords
Customise Permissions After Upgrade
Every action of the emergency user must be traceable, which requires the appropriate configuration of logging components such as the Security Audit Log. After the event, all log files are always evaluated and all details are recorded in documentation. It is also possible to specify in the concept that, in the event of an emergency, extended authorization may be granted to other selected users; this is up to the company to decide.
Determine if all recurring external services corresponding to area start pages and logical links have been removed from the GENERIC_OP_LINKS folder. Create a separate PFCG role for this folder. This PFCG role could contain all the basic permissions a user must have in SAP CRM. This includes the permission for the generic OP links. You can transfer this folder to a separate PFCG role by locally specifying the PFCG role that contains the GENERIC_OP_LINKS folder in the new PFCG role under Menu > Other Role >. Now maintain the PFCG role so that only the UIU_COMP authorization object remains active. Disable any other visible authorization objects. These are the authorization objects that allow access to data. You can maintain these authorization objects in the PFCG role, which describes the user's workplace. In the PFCG role that describes the desktop, you can now delete the GENERIC_OP_LINKS folder. If you remix the PFCG role, you will find that many of the unnecessary permissions objects have disappeared.
Authorization object documentation
Your SAP system landscape keeps you safe and up-to-date by inserting different types of SAP hints and patches. For a first overview of the security information for SAP systems, see the SAP Service Marketplace at https://service.sap.com/securitynotes. For a complete list of all security advisories for all SAP solutions (SAP NetWeaver Application Server ABAP and Java, TREX, SAP HANA, Sybase, SAP GUI, etc.), see Security Notes Search on this page. The My Security Notes page allows you to find the SAP notes that are relevant for systems registered in SAP Service Marketplace. This does not take into account information already recorded.
Secure your go-live additionally with "Shortcut for SAP systems". You can assign necessary SAP authorizations quickly and easily directly in the system.
You can also find some useful tips from practice on the subject of SAP authorizations on the page "www.sap-corner.de".
This transaction is intended for migration tasks, but is also very well suited to allow a particular transaction to be repeated and automated.